Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/INENFus9WqXWtpOeaFhh1OQTHRg.roa
File:                     INENFus9WqXWtpOeaFhh1OQTHRg.roa (raw, json)
Hash identifier:          UQ8ya8gJ+M8V393h6OpqNyf/HVYXH6ODYAUSl4pAhYA=
Subject key identifier:   20:D1:0D:16:EB:3D:5A:A5:D6:B6:93:9E:68:58:61:D4:E4:13:1D:18
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BF0D636DDA4C1CC8E6B4DCB204B18
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/INENFus9WqXWtpOeaFhh1OQTHRg.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210887
IP address blocks:        2a0f:5707:abc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f0:d6:36:dd:a4:c1:cc:8e:6b:4d:cb:20:4b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20d10d16eb3d5aa5d6b6939e685861d4e4131d18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b1:a5:aa:b3:4c:1b:13:31:e0:01:84:30:e9:
                    c8:a5:3a:c8:9e:43:58:ed:5c:72:d5:e2:4e:42:05:
                    43:ac:0a:8f:fa:fa:e5:3f:3f:48:64:36:4f:68:56:
                    4a:5d:61:93:6d:a2:e5:97:c7:f9:96:6f:01:13:e8:
                    da:41:2b:e2:56:b4:ae:ae:f3:f4:bf:c8:f3:e4:22:
                    49:74:c2:6b:48:e6:a0:c5:c2:c0:02:4f:9f:57:b1:
                    28:ec:80:eb:ab:12:72:1b:79:2f:7d:14:46:f2:0a:
                    56:8a:f3:d3:7d:35:f1:30:96:85:a3:42:b7:95:80:
                    4c:9a:1a:3c:10:fc:73:53:51:24:32:61:33:4c:82:
                    25:b2:b7:3d:be:af:ea:32:94:06:c0:0d:95:26:f3:
                    93:b4:19:b8:da:cd:af:cd:e6:f9:8b:96:e0:23:34:
                    88:8f:aa:13:7a:4b:51:b9:99:7d:25:30:de:70:d7:
                    41:dc:68:f2:3f:51:76:e0:c4:bd:d6:4f:b2:3e:42:
                    ae:ca:f0:47:7d:71:8a:61:f9:2e:c6:9f:7a:b7:1d:
                    d8:88:c3:7f:0b:8c:9f:2c:17:9f:00:95:37:d5:4f:
                    c9:4b:17:35:01:36:89:db:39:d1:47:73:b5:af:9b:
                    b2:4b:69:16:8a:51:87:df:74:fe:c0:29:96:78:66:
                    70:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:D1:0D:16:EB:3D:5A:A5:D6:B6:93:9E:68:58:61:D4:E4:13:1D:18
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/INENFus9WqXWtpOeaFhh1OQTHRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:03:ac:6a:6f:f0:ce:78:14:00:9a:a2:4e:1f:f0:ae:7d:07:
         7f:2e:ee:3e:a1:98:64:0d:11:79:1a:67:25:20:3f:fa:50:83:
         8f:76:9a:b6:4f:6a:26:b3:f9:b3:f9:c1:fe:75:41:e1:1c:1c:
         6a:5e:87:b0:34:3d:ee:98:68:8a:22:fa:46:28:70:db:5d:92:
         bd:e3:83:a7:cc:ba:e0:14:b8:da:d2:4c:c2:68:77:33:e3:a3:
         fa:63:11:2d:09:d1:a8:e6:54:60:57:a2:1b:76:30:56:94:72:
         f4:46:f0:78:a8:84:2f:22:1c:0e:ca:e7:db:b2:6f:8f:0e:99:
         56:3a:f7:03:c4:96:92:25:cf:8f:1c:b3:2c:7b:97:09:cb:d3:
         da:bd:aa:0d:76:d2:1b:5d:8a:6c:81:be:99:37:c0:03:6f:7c:
         ec:0a:75:4a:72:77:7e:ec:fb:48:5d:3f:87:97:5b:91:08:a0:
         7f:ea:32:3e:59:70:83:27:c4:c1:2f:f1:f9:24:c5:44:c8:3f:
         e1:84:b7:80:91:14:34:4a:06:00:05:0a:d0:f1:32:b2:2e:b9:
         50:e1:a1:2f:ee:0e:b7:c0:1e:2a:04:50:7d:80:94:a4:7a:03:
         dc:ff:ac:59:c6:97:d5:33:ac:11:f8:37:6a:1f:c7:2b:7d:72:
         4f:fc:65:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma/DWNt2kwcyOa03LIEsYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGQxMGQxNmViM2Q1YWE1ZDZiNjkzOWU2ODU4NjFkNGU0MTMxZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLGlqrNMGxMx4AGEMOnIpTrInkNY
7Vxy1eJOQgVDrAqP+vrlPz9IZDZPaFZKXWGTbaLll8f5lm8BE+jaQSviVrSurvP0
v8jz5CJJdMJrSOagxcLAAk+fV7Eo7IDrqxJyG3kvfRRG8gpWivPTfTXxMJaFo0K3
lYBMmho8EPxzU1EkMmEzTIIlsrc9vq/qMpQGwA2VJvOTtBm42s2vzeb5i5bgIzSI
j6oTektRuZl9JTDecNdB3GjyP1F24MS91k+yPkKuyvBHfXGKYfkuxp96tx3YiMN/
C4yfLBefAJU31U/JSxc1ATaJ2znRR3O1r5uyS2kWilGH33T+wCmWeGZwiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCDRDRbrPVql1raTnmhYYdTkEx0YMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvSU5FTkZ1czlXcVhXdHBPZWFGaGgxT1FUSFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6vA
MA0GCSqGSIb3DQEBCwUAA4IBAQCnA6xqb/DOeBQAmqJOH/CufQd/Lu4+oZhkDRF5
GmclID/6UIOPdpq2T2oms/mz+cH+dUHhHBxqXoewND3umGiKIvpGKHDbXZK944On
zLrgFLja0kzCaHcz46P6YxEtCdGo5lRgV6IbdjBWlHL0RvB4qIQvIhwOyufbsm+P
DplWOvcDxJaSJc+PHLMse5cJy9PavaoNdtIbXYpsgb6ZN8ADb3zsCnVKcnd+7PtI
XT+Hl1uRCKB/6jI+WXCDJ8TBL/H5JMVEyD/hhLeAkRQ0SgYABQrQ8TKyLrlQ4aEv
7g63wB4qBFB9gJSkegPc/6xZxpfVM6wR+DdqH8crfXJP/GUY
-----END CERTIFICATE-----